NBAR Coarse-Grain Classification

NBAR provides two levels of application recognition—coarse-grain and fine-grain. In the Cisco IOS XE Release 3.14S, by default NBAR operates in the fine-grain mode, offering NBAR's full application recognition capabilities. By minimizing deep packet inspection, coarse-grain mode offers a performance advantage and reduces memory resource demands.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About NBAR Coarse-Grain Classification

Overview of NBAR Coarse-Grain Classification

NBAR provides two levels of application recognition-coarse-grain and fine-grain. By default NBAR operates in the fine-grain mode, offering NBAR's full application recognition capabilities. The default NBAR fine-grain mode is equivalent to NBAR functionality and performance prior to introduction of separate fine-grain and coarse-grain modes. This provides full backward compatibility for existing configurations.

By minimizing deep packet inspection, coarse-grain mode offers a performance advantage and reduces memory resource demands. This mode is be used in scenarios where the full power of fine-grain classification is not required. We recommend that you use fine-grained mode when per-packet reporting is required. When specific per-packet reporting is not required, use the coarse-grained mode, as it offers performance and memory advantages.

Simplified Classification

Coarse-grain mode employs a simplified mode of classification, minimizing deep packet inspection. NBAR caches classification decisions made for earlier packets, then classifies later packets from the same server similarly.

Classification by First Packet

Most flows are classified based on the first packet of the flow, even in the case of a IP Synchronization (SYN) packet, because no payload inspection is performed. Consequently, policies apply to the entire flow rather than depending on the payload.

Limitations of Coarse-Grain Mode

Coarse-grain mode has the following limitations in metric reporting detail:

Field extraction and sub-classification—Only partially supported. In coarse-grain mode, the reported results of field extraction and sub-classification are less accurate and may be sampled.

Granularity—Caching may result in some reduction in the granularity. For example, NBAR might classify some traffic as ms-office-365 instead of as the more specific ms-office-web-apps.

Evasive applications—Classification of evasive applications such as BitTorrent, eMule, and Skype, may be less effective than in fine-grain mode which is the default NBAR. Consequently, blocking or throttling may not work as well for these applications.

Comparison of Fine-grain and Coarse-grain Modes

Coarse-grain mode has the following limitations in metric reporting detail:

Fine-Grain Mode

Coarse-Grain Mode

Classification

Full-power of deep packet inspection

Simplified classification

Some classification according to similar earlier packets.

Performance

Slower

Faster

Memory Resources

Higher memory demands

Lower memory demands

Sub-classification

Full supported

Partial support

Field Extraction

Full supported

Partial support

Ideal usage

Per-packet policy

Example:

class-map that looks for specific url

When there is no requirement for specific per-packet operations.

How to Configure NBAR Coarse-Grain Classification

Configuring the NBAR Classification Modes

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ip nbar classification granularity coarse-grain

    4.    exit

    5.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example: 
    Device> enable
     
    Enables privileged EXEC mode.
    • Enter your password if prompted.
     
    Step 2configure terminal


    Example: 
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 ip nbar classification granularity coarse-grain


    Example: 
    Device(config)# ip nbar classification granularity coarse-grain
     

    Configures the coarse-grain NBAR classification mode.

     
    Step 4exit


    Example: 
    Device(config)# exit
     

    Exits the global configuration mode and enters privileged EXEC mode.

     
    Step 5end


    Example: 
    Device(config-if)# end
     

    Returns to privileged EXEC mode.

     

    Configuring a Performance Monitor Context with Application Statistics

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    performance monitor context context-name coarse-grainprofile-name

      4.    traffic-monitor application-client-server-stats

      5.    exit

      6.    interface type slot/port/number

      7.    performance monitor context context-name

      8.    end

      9.    show ip nbar classification granularity


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example: 
      Device> enable
       
      Enables privileged EXEC mode.
      • Enter your password if prompted.
       
      Step 2configure terminal


      Example: 
      Device# configure terminal
       

      Enters global configuration mode.

       
      Step 3performance monitor context context-name coarse-grainprofile-name


      Example: 
      Device (config)# performance monitor context xyz profile application-statistics
       

      Enters performance monitor configuration mode, and creates a context with application-statistics profile.

      Note   

      Configuring an Easy Performance Monitor (ezPM) policy using the Application Statistics profile implicitly invokes the coarse-grain Network Based Application Recognition (NBAR) classification mode. However, if you need to configure fine-grain NBAR classification mode, use the ip nbar classification granularity fine-grain command after configuring the performance monitor context with application statistics profile.

       
      Step 4traffic-monitor application-client-server-stats


      Example: 
      Device(config-perf-mon)# traffic-monitor application-client-server-stats
       

      Configures the traffic monitor to monitor the specified metrics.

       
      Step 5exit


      Example: 
      Device(config-perf-mon)# exit
       

      Exits performance monitor configuration mode and enters global configuration mode.

       
      Step 6interface type slot/port/number


      Example: 
      Device(config)# interfcace 0/2/2
       

      Enters interface configuration mode.

       
      Step 7performance monitor context context-name


      Example: 
      Device (config-if)# performance monitor context xyz
       

      Configures the specified performance monitor context on the interface.

       
      Step 8end


      Example: 
      Device(config-if)# end
       

      Returns to privileged EXEC mode.

       
      Step 9show ip nbar classification granularity


      Example: 
      Device# show ip nbar classification granularity
       

      Displays the currently configured NBAR classification mode.

       

      Configuration Examples for NBAR Coarse-Grain Classification

      Example: Configuring the NBAR Classification Mode

      The following example shows how to configure the coarse-grain classification mode of NBAR: 

      Device> enable
Device# configure terminal
Device (config)# ip nbar classification granularity coarse-grain
Device (config)# end

      Example: Configuring a Performance Monitor Context with Application Statistics Profile

      The following example shows how to configure an Easy Performance Monitor (ezPM) policy using the Application Statistics profile and invoke coarse-grain NBAR classification mode: 

      Device> enable
Device# configure terminal
Device(config)# performance monitor context xyz profile application-statistics
Device(config-perf-mon)# traffic-monitor application-client-server-stats
Device(config-perf-mon)# exit
Device(config)# interface gigabitEthernet 0/2/2
Device(config-if)# performance monitor context xyz
Device(config-if)# end

      Example: Configuring a Performance Monitor Context with Application Statistics Profile and Force-configure Fine-Grain NBAR Classification Mode

      The following example shows how to configure an ezPM policy using the Application Statistics profile and to force-configure fine-grain NBAR classification mode: 

      Device> enable
Device# configure terminal
Device(config)# performance monitor context xyz profile application-statistics
Device(config-perf-mon)# traffic-monitor application-client-server-stats
Device(config-perf-mon)# exit
Device(config)# interface gigabitEthernet 0/2/2
Device(config-if)# performance monitor context xyz
Device(config-if)# end
Device (config)# ip nbar classification granularity fine-grain

      Example: Verifying the NBAR Classification Mode

      The following example shows how to verify the currently configured NBAR Classification Mode: 

      Device # show ip nbar classification granularity

NBAR classification granularity mode: coarse-grain

      Additional References for NBAR Coarse-Grain Classification

      Related Documents

      Related Topic

      Document Title

      Cisco IOS commands

      Cisco IOS Master Command List, All Releases

      AVC Configuration

      AVC Configuration module

      Technical Assistance

      Description

      Link

      The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

      http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

      Feature Information for NBAR Coarse-Grain Classification

      The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

      Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
      Table 1 Feature Information for NBAR Coarse-Grain Classification

      Feature Name

      Releases

      Feature Information

      NBAR Coarse-Grain Classification

      Cisco IOS XE Release 3.14S

      Network Based Application Recognition (NBAR) provides two levels of application recognition—coarse-grain and fine-grain. By default NBAR operates in the fine-grain mode, offering NBAR's full application recognition capabilities. By minimizing deep packet inspection, coarse-grain mode offers a performance advantage and reduces memory resource demands.

      The following command was introduced or modified:

      ip nbar classification granularity and show ip nbar classification granularity.